def verify(self, signature, message, signature_as_digits=True):
    """
    Check an RSA PKCS#1 v1.5 signature over the SHA-1 hash of ``message``.

    With ``signature_as_digits=True`` the signature is first converted with
    ``number.long_to_bytes(..., blocksize=4)``, so it is presumably an
    integer on this path (confirm against callers). Otherwise it is used
    as given.

    Returns True when the verifier accepts the signature and False when it
    raises ValueError or TypeError. Raises ValueError when the signature
    bytes or the message are not byte strings.
    """
    # Only read below; the environment-based initialisation is disabled.
    global _CryptoLog
    if signature_as_digits:
        raw_signature = number.long_to_bytes(signature, blocksize=4)
    else:
        raw_signature = signature
    if not strng.is_bin(raw_signature):
        raise ValueError('signature must be byte string')
    if not strng.is_bin(message):
        raise ValueError('message must be byte string')
    # SHA-1 is no longer collision resistant; the digest choice is fixed
    # here and must match what the signer used.
    digest = hashes.sha1(message, return_object=True)
    try:
        pkcs1_15.new(self.keyObject).verify(digest, raw_signature)
    except (ValueError, TypeError):
        # A failed check is reported as False, never re-raised.
        # NOTE(review): this logs the full signature and message on every
        # failed verification, also when _Debug is off.
        lg.exc('signature=%r message=%r' % (signature, message))
        result = False
    else:
        result = True
    if _Debug and _CryptoLog:
        lg.args(_DebugLevel, result=result, signature=signature)
    return result
def verify(self, signature, message, signature_as_digits=True):
    """
    Check an RSA PKCS#1 v1.5 signature over the SHA-1 hash of ``message``.

    With ``signature_as_digits=True`` the signature is a decimal-digit
    string: it is parsed with ``int`` and converted to bytes, and one zero
    byte is put back in front when the digit string starts with ``b'0'``.
    Otherwise the signature is used as given.

    Returns True on success and False when the verifier raises ValueError
    or TypeError. Raises ValueError when the signature bytes or the message
    are not byte strings.
    """
    if signature_as_digits:
        raw_signature = number.long_to_bytes(int(strng.to_text(signature)))
        # The integer form cannot carry leading zero bytes, so a leading
        # b'0' digit marks one.
        # NOTE(review): exactly one zero byte is restored, and the marker
        # test compares against bytes, so it never matches a text (str)
        # signature.
        if signature[0:1] == b'0':
            raw_signature = b'\x00' + raw_signature
    else:
        raw_signature = signature
    if not strng.is_bin(raw_signature):
        raise ValueError('signature must be byte string')
    if not strng.is_bin(message):
        raise ValueError('message must be byte string')
    # SHA-1 is no longer collision resistant; the digest must match the
    # one used by the signer.
    digest = hashes.sha1(message, return_object=True)
    try:
        pkcs1_15.new(self.keyObject).verify(digest, raw_signature)
    except (ValueError, TypeError):
        # A failed check is reported as False; details are logged only in
        # debug mode.
        if _Debug:
            lg.exc(msg='signature=%r\nmessage=%r\nsignature_as_digits=%r\n' % (signature, message, signature_as_digits))
        return False
    return True
def sign(self, message, as_digits=True):
    """
    Sign the SHA-1 hash of ``message`` with RSA PKCS#1 v1.5.

    Returns the raw signature bytes when ``as_digits`` is false. Otherwise
    returns the signature as a decimal-digit byte string, prefixed with
    ``b'0'`` when the raw signature starts with a zero byte.

    Raises ValueError when no key object is set or the message is not a
    byte string.
    """
    if not self.keyObject:
        raise ValueError('key object is not exist')
    if not strng.is_bin(message):
        raise ValueError('message must be byte string')
    # SHA-1 is no longer collision resistant; verifiers must use the same
    # digest.
    digest = hashes.sha1(message, return_object=True)
    raw_signature = pkcs1_15.new(self.keyObject).sign(digest)
    if as_digits:
        digits = strng.to_bin(number.bytes_to_long(raw_signature))
        # The integer form drops leading zero bytes; a b'0' digit in front
        # records that the raw signature began with one.
        # NOTE(review): a second leading zero byte is not recorded.
        return b'0' + digits if raw_signature[0:1] == b'\x00' else digits
    return raw_signature
def validate_key(key_object):
    """
    Self-test a key object by signing and verifying a fresh random sample.

    256 random bytes are base64-encoded, hashed with SHA-1 (hex digest),
    and that digest is signed and verified with ``key_object``. Returns
    whatever ``key_object.verify`` returned. On failure in debug mode the
    public key, signature, digest and sample data are logged.
    """
    random_payload = strng.to_bin(base64.b64encode(os.urandom(256)))
    payload_hash = hashes.sha1(random_payload, hexdigest=True)
    signature = key_object.sign(payload_hash)
    outcome = key_object.verify(signature, payload_hash)
    if outcome:
        return outcome
    if _Debug:
        # Only public material and throw-away sample data are logged here.
        lg.err('validate_key FAILED')
        lg.out(_DebugLevel, 'public=%r' % key_object.toPublicString())
        lg.out(_DebugLevel, 'signature=%r' % signature)
        lg.out(_DebugLevel, 'hash_base=%r' % payload_hash)
        lg.out(_DebugLevel, 'data=%r' % random_payload)
    return outcome
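def verify(self, signature, message, signature_as_digits=True):
    """
    Check an RSA PKCS#1 v1.5 signature over the SHA-1 hash of ``message``.

    With ``signature_as_digits=True`` the signature is a decimal-digit
    string: it is parsed with ``int`` and converted to bytes, and one zero
    byte is put back in front when the digit string starts with ``b'0'``.
    With ``signature_as_digits=False`` the signature is used as given.

    Returns True on success and False when the verifier raises ValueError
    or TypeError. Raises ValueError when the signature bytes or the message
    are not byte strings.
    """
    # Start from the caller's value so the raw-bytes path has a defined
    # signature_raw. Without this, signature_as_digits=False raised
    # UnboundLocalError before any check ran.
    signature_raw = signature
    if signature_as_digits:
        signature_raw = number.long_to_bytes(int(strng.to_text(signature)))
        # The integer form cannot carry leading zero bytes, so a leading
        # b'0' digit marks one.
        # NOTE(review): exactly one zero byte is restored.
        if signature[0:1] == b'0':
            signature_raw = b'\x00' + signature_raw
    if not strng.is_bin(signature_raw):
        raise ValueError('signature must be byte string')
    if not strng.is_bin(message):
        raise ValueError('message must be byte string')
    # SHA-1 is no longer collision resistant; the digest must match the
    # one used by the signer.
    h = hashes.sha1(message, return_object=True)
    try:
        pkcs1_15.new(self.keyObject).verify(h, signature_raw)
        result = True
    except (ValueError, TypeError):
        # A failed check is reported as False; the traceback is logged only
        # in debug mode.
        if _Debug:
            from logs import lg
            lg.exc()
        result = False
    return result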
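def verify(self, signature, message, signature_as_digits=True):
    """
    Check an RSA PKCS#1 v1.5 signature over the SHA-1 hash of ``message``.

    With ``signature_as_digits=True`` the signature is a decimal-digit
    string that is parsed with ``int`` and converted to bytes. If that
    fails to verify and the digit string starts with ``b'0'``, a second
    attempt is made with one zero byte in front. With
    ``signature_as_digits=False`` the signature is used as given.

    Returns True when either attempt succeeds, otherwise False; a failed
    verification is never re-raised. Raises ValueError when the signature
    bytes or the message are not byte strings.
    """
    signature_bytes = signature
    if signature_as_digits:
        signature_bytes = number.long_to_bytes(int(strng.to_text(signature)))
    if not strng.is_bin(signature_bytes):
        raise ValueError('signature must be byte string')
    if not strng.is_bin(message):
        raise ValueError('message must be byte string')
    # SHA-1 is no longer collision resistant; the digest must match the
    # one used by the signer.
    h = hashes.sha1(message, return_object=True)
    result = False
    try:
        pkcs1_15.new(self.keyObject).verify(h, signature_bytes)
        result = True
    except (ValueError, TypeError):
        if signature_as_digits and signature[0:1] == b'0':
            # The integer form cannot carry a leading zero byte; a leading
            # b'0' digit marks one, so retry with it restored. The bytes
            # computed above are reused, since the conversion is the same.
            lg.warn('signature starts with "0", will try to verify again')
            try:
                pkcs1_15.new(self.keyObject).verify(h, b'\x00' + signature_bytes)
                result = True
                lg.warn('signature with additional "0" in front passed verification')
            except Exception:
                # Was a bare except, which also swallowed KeyboardInterrupt
                # and SystemExit; ordinary errors still map to False.
                # NOTE(review): this logs the full signature and message
                # whenever the retry fails.
                lg.err('signature=%r message=%r signature_as_digits=%r' % (signature, message, signature_as_digits))
    return result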
def sign(self, message, as_digits=True):
    """
    Sign the SHA-1 hash of ``message`` with RSA PKCS#1 v1.5.

    Returns the raw signature bytes when ``as_digits`` is false, otherwise
    the signature integer passed through ``strng.to_bin``.

    Raises ValueError when no key object is set or the message is not a
    byte string.
    """
    # Only read below; the environment-based initialisation is disabled.
    global _CryptoLog
    if not self.keyObject:
        raise ValueError('key object is not exist')
    if not strng.is_bin(message):
        raise ValueError('message must be byte string')
    # SHA-1 is no longer collision resistant; verifiers must use the same
    # digest.
    digest = hashes.sha1(message, return_object=True)
    raw_signature = pkcs1_15.new(self.keyObject).sign(digest)
    if as_digits:
        # NOTE(review): the integer form drops leading zero bytes, and no
        # marker is added here, so the verifier has to restore the
        # original length.
        digits = strng.to_bin(number.bytes_to_long(raw_signature))
        if _Debug and _CryptoLog:
            lg.args(_DebugLevel, signature_bytes=digits)
        return digits
    if _Debug and _CryptoLog:
        lg.args(_DebugLevel, signature_raw=raw_signature)
    return raw_signature
def HashSHA(inp, hexdigest=False):
    """
    Return the SHA-1 hash of ``inp`` as computed by ``hashes.sha1``.

    ``hexdigest`` is forwarded unchanged to ``hashes.sha1``. SHA-1 is no
    longer collision resistant, so this is unsuitable where collision
    resistance matters.
    """
    digest = hashes.sha1(inp, hexdigest=hexdigest)
    return digest